How Did We Go From SD-WAN to SASE to SSE?

A decade ago, enterprise branch offices had a primary connection (usually MPLS) to the data center and other internal sites. Some large or high-value locations utilized multiple connections or backup links during outages.

Then Viptela introduced the software-defined WAN, or SD-WAN. One of the benefits of SD-WAN was that it enabled the use of active paths across multiple disparate types of transport, whereas hardware-based networks are slower and harder to connect to additional remote locations. It accomplished this by creating an overlay network on top of these transports and routing traffic over it. When we say “overlay,” we really mean “tunnels.” The tunnels are required to provide the enterprise-grade security and privacy that the internet lacks but network traffic needs.

This was a major advance of SD-WAN technology: it provided a cost-effective way to add and enable rapid bandwidth provisioning at branch locations without the need for expensive routers and further investment in the network infrastructure. Add SD-WAN’s flexibility and agility, and you can see the fundamental advantages of a software-defined wide area network. Still another cost-saving feature of SD-WAN was that the physical components of the infrastructure were virtualized using SDN principles so that the network functions could be executed as software on low-cost hardware.

Another advancement and advantage of SD-WAN, regardless of the vendor or service provider delivering the technology, was that it allowed customers to build a single network infrastructure that includes different types of connections, such as multiprotocol label switching (MPLS), broadband, and cellular connections.

But since then, and with the drive towards digital transformation, cloud workloads have become pervasive, and traffic patterns have changed. Essentially, the perimeter of the network—which frontier enterprises fought to secure—disappeared. Now the network is everywhere. As a result, how we deploy security and address the ever-evolving cybersecurity needs must change. And because there were doubts about how reliable the internet connection was, packet loss and latency became real problems for operators and service providers who ran real-time or latency-sensitive applications on heavily used circuits. Something needed to change.

To meet the challenge, enterprises are adopting cloud-delivered security services. Traffic can directly exit the branch and be secured by a cloud security service like Netskope, iboss, or Zscaler. Internal traffic can still route to hub sites and data centers, but cloud or internet-destined traffic does not need to.

Many SD-WAN vendors began to add these features to their products, and security vendors began to include SD-WAN features. This created a new category called Secure Access Services Edge (SASE).

While this seems like a great idea, access (the “A” in SASE) has proven very difficult, and network performance and user experience have suffered. The volume of tunnels required to create an overlay at scale has driven up infrastructure costs, increased operational overhead, and added immense complexity. You build tunnels and jam as much traffic as needed down them to deliver data to the security stack. Also, you can utilize a service that should have been accessible without the need to redesign your network or make considerable investments in deploying a new end-to-end SD-WAN.

Faced with this issue, security vendors have rebranded themselves as Secure Services Edge (SSE) platforms. Rather than fix the access problem, they eliminated the “A.” They just gloss over the whole access issue: “It just works. It’s magic!”

What a mess! It is time to realize that security is a service like the cloud and SaaS. But to do that, we need to fix access, not ignore it.

Security was built into MPLS but at an extremely high cost. SD-WAN fixed the cost issue and was radically more agile to deploy and manage than MPLS, but it broke security. What enterprises need is a new access model that combines the high performance and rock-solid security of MPLS with the lowered cost and agility of SD-WAN.

Click here to see how the Graphiant Network Edge provides precisely that. It is a private, programmable fabric that lets workloads, devices, and applications consume the services required on demand.

So, this blog is really about how we went from SD-WAN to SASE to SSE to the Graphiant Network Edge.

Link to the original article:
https://onug.net/blog/how-did-we-go-from-sd-wan-to-sase-to-sse/
